South Korea’s largest online retailer, Coupang, recently recovered a damaged laptop from a river as part of an investigation into an insider data breach involving 33.7 million customer accounts. Despite the attempt to destroy evidence, forensic teams confirmed that while millions of accounts were accessed, data was only retained from about 3,000 users and no evidence of third-party sharing was found.

Coupang, frequently compared to Amazon, has faced intense public and political backlash since disclosing in November that a former employee compromised the personal information of over 33 million customers. In a statement released during the Christmas holiday, the company defended its response to the crisis, asserting that it had consistently followed government directives and cooperated with law enforcement. This defense came as a reaction to allegations of negligence and claims that the company was operating without proper oversight from state agencies and the National Assembly.

To address the fallout and take responsibility for the breach, the company announced a massive voucher compensation program valued at 1.685 trillion won, which is approximately 1.18 billion dollars. Harold Rogers, the interim CEO who took over after the previous leader resigned due to the scandal, expressed deep regret for the distress caused to customers. However, the compensation plan has already met with skepticism from lawmakers, who argue that by offering vouchers for its own services, Coupang is attempting to turn a security failure into a marketing opportunity.

GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025

The investigation reached a turning point when the former employee confessed and provided details on how the data was accessed. Using digital forensics and fingerprints, investigators tracked the suspect and eventually learned about a MacBook Air that had been hidden. This laptop had been intentionally smashed, placed in a weighted canvas bag, and discarded in a river to prevent recovery. A specialized diving team was deployed to retrieve the device, which served as a critical piece of evidence in the ongoing probe.

Despite the laptop’s submerged and damaged state, a team of cybersecurity experts from Mandiant, Palo Alto Networks, and Ernst & Young successfully extracted and inventoried its contents. Their analysis indicated that although the perpetrator accessed a vast number of accounts, they only kept data from roughly 3,000 individuals. This retained data was reportedly deleted once the breach became public knowledge, and investigators have yet to find any evidence that the information was sold or distributed to outside parties.

Following the update on the investigation and the news of the limited data retention, Coupang’s shares saw a 6 percent increase. However, the company is not yet clear of the consequences, as it still faces significant legal and regulatory hurdles. These include ongoing scrutiny from the South Korean National Assembly and a pending class action lawsuit in the United States, both of which could have lasting impacts on the retailer’s financial standing and reputation.

Source: Coupang Recovers Laptop Allegedly Thrown Into River By Data Leak Suspect